Hello community,
here is the log from the commit of package pam_ssh
checked in at Tue Jan 15 08:53:21 CET 2008.
--------
--- pam_ssh/pam_ssh.changes 2007-03-05 18:08:53.000000000 +0100
+++ /mounts/work_src_done/STABLE/pam_ssh/pam_ssh.changes 2008-01-14 13:27:12.000000000 +0100
@@ -1,0 +2,13 @@
+Mon Jan 14 13:25:03 CET 2008 - anicka@suse.cz
+
+- update to 1.96
+ * pam_ssh.c (key_load_private_maybe): New wrapper for
+ key_load_private() that checks whether the private key's
+ passphrase is blank.
+ * pam_ssh.c: if PAM returns tty_raw = NULL we shouldn't fiddle
+ with a per-session file. That seems to happen if the session
+ module is used for background system services (like cron).
+ * pam_ssh.c: fixed double-free issue with file closing
+- remove last two patches (fixed in upstream)
+
+-------------------------------------------------------------------
Old:
----
pam_ssh-1.94-SEGV.diff
pam_ssh-1.94.tar.bz2
pam_ssh-session.patch
New:
----
pam_ssh-1.96.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_ssh.spec ++++++
--- /var/tmp/diff_new_pack.Q17289/_old 2008-01-15 08:53:06.000000000 +0100
+++ /var/tmp/diff_new_pack.Q17289/_new 2008-01-15 08:53:06.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package pam_ssh (Version 1.94)
+# spec file for package pam_ssh (Version 1.96)
#
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -12,16 +12,14 @@
Name: pam_ssh
BuildRequires: openssh openssl-devel pam-devel
-License: BSD License and BSD-like
+License: BSD 3-Clause
Group: Productivity/Networking/SSH
-Autoreqprov: on
-Version: 1.94
-Release: 43
+AutoReqProv: on
+Version: 1.96
+Release: 1
Summary: PAM Module for SSH Authentication
-URL: http://developer.novell.com/wiki/index.php/Pam_ssh
+Url: http://developer.novell.com/wiki/index.php/Pam_ssh
Source: %{name}-%{version}.tar.bz2
-Patch0: pam_ssh-session.patch
-Patch1: %{name}-%{version}-SEGV.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -39,8 +37,6 @@
%prep
%setup -q
-%patch0
-%patch1
%build
%{suse_update_config -f}
@@ -69,6 +65,16 @@
%attr(444,root,root) %_mandir/man*/*.*
%changelog
+* Mon Jan 14 2008 - anicka@suse.cz
+- update to 1.96
+ * pam_ssh.c (key_load_private_maybe): New wrapper for
+ key_load_private() that checks whether the private key's
+ passphrase is blank.
+ * pam_ssh.c: if PAM returns tty_raw = NULL we shouldn't fiddle
+ with a per-session file. That seems to happen if the session
+ module is used for background system services (like cron).
+ * pam_ssh.c: fixed double-free issue with file closing
+- remove last two patches (fixed in upstream)
* Mon Mar 05 2007 - anicka@suse.de
- fix crash in pam_sm_open_session [#251053]
* Fri Nov 24 2006 - max@suse.de
++++++ pam_ssh-1.94.tar.bz2 -> pam_ssh-1.96.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/AUTHORS new/pam_ssh-1.96/AUTHORS
--- old/pam_ssh-1.94/AUTHORS 2006-06-22 19:48:43.000000000 +0200
+++ new/pam_ssh-1.96/AUTHORS 2007-08-03 13:10:03.000000000 +0200
@@ -1,3 +1,4 @@
Andrew J. Korty
Roderick Schertler
Patrice Dumas
+Wolfgang Rosenauer
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/ChangeLog new/pam_ssh-1.96/ChangeLog
--- old/pam_ssh-1.94/ChangeLog 2006-08-03 12:28:41.000000000 +0200
+++ new/pam_ssh-1.96/ChangeLog 2007-08-03 13:17:39.000000000 +0200
@@ -1,3 +1,31 @@
+Version 1.96 released
+=====================
+2007-08-03 Wolfgang Rosenauer (merged from SF.net Andrew J. Korty )
+
+ * pam_ssh.c (key_load_private_maybe): New wrapper for
+ key_load_private() that checks whether the private key's
+ passphrase is blank. If so and if allow_blank_passphrase isn't set
+ or the user supplied passphrase isn't empty, this function returns
+ NULL. This approach is necessary because key_load_private() will
+ load a key with a blank passphrase regardless of the passphrase
+ entered. Thanks to Rob Henderson for the report.
+
+Version 1.95 released
+=====================
+
+2007-04-02 Wolfgang Rosenauer
+
+ * pam_ssh.c: if PAM returns tty_raw = NULL we shouldn't fiddle
+ with a per-session file. That seems to happen if the session
+ module is used for background system services (like cron).
+ https://bugzilla.novell.com/show_bug.cgi?id=251053
+
+2006-11-24 Wolfgang Rosenauer
+
+ * pam_ssh.c: fixed double-free issue with file closing
+ https://bugzilla.novell.com/show_bug.cgi?id=223488
+ (patch by Reinhard Max)
+
Version 1.94 released
=====================
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/configure new/pam_ssh-1.96/configure
--- old/pam_ssh-1.94/configure 2006-08-03 12:30:03.000000000 +0200
+++ new/pam_ssh-1.96/configure 2007-08-03 13:09:45.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.58 for pam_ssh 1.94.
+# Generated by GNU Autoconf 2.58 for pam_ssh 1.96.
#
# Report bugs to .
#
@@ -428,8 +428,8 @@
# Identity of this package.
PACKAGE_NAME='pam_ssh'
PACKAGE_TARNAME='pam_ssh'
-PACKAGE_VERSION='1.94'
-PACKAGE_STRING='pam_ssh 1.94'
+PACKAGE_VERSION='1.96'
+PACKAGE_STRING='pam_ssh 1.96'
PACKAGE_BUGREPORT='ajk@waterspout.com'
ac_unique_file="pam_ssh.c"
@@ -939,7 +939,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pam_ssh 1.94 to adapt to many kinds of systems.
+\`configure' configures pam_ssh 1.96 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1006,7 +1006,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pam_ssh 1.94:";;
+ short | recursive ) echo "Configuration of pam_ssh 1.96:";;
esac
cat <<\_ACEOF
@@ -1147,7 +1147,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pam_ssh $as_me 1.94, which was
+It was created by pam_ssh $as_me 1.96, which was
generated by GNU Autoconf 2.58. Invocation command line was
$ $0 $@
@@ -1865,7 +1865,7 @@
# Define the identity of the package.
PACKAGE=pam_ssh
- VERSION=1.94
+ VERSION=1.96
cat >>confdefs.h <<_ACEOF
@@ -11291,7 +11291,7 @@
} >&5
cat >&5 <<_CSEOF
-This file was extended by pam_ssh $as_me 1.94, which was
+This file was extended by pam_ssh $as_me 1.96, which was
generated by GNU Autoconf 2.58. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -11354,7 +11354,7 @@
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-pam_ssh config.status 1.94
+pam_ssh config.status 1.96
configured by $0, generated by GNU Autoconf 2.58,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/configure.ac new/pam_ssh-1.96/configure.ac
--- old/pam_ssh-1.94/configure.ac 2006-08-03 12:29:04.000000000 +0200
+++ new/pam_ssh-1.96/configure.ac 2007-08-03 13:20:43.000000000 +0200
@@ -1,4 +1,5 @@
-dnl Copyright (c) 2002, 2004 Andrew J. Korty
+dnl Copyright (c) 2002, 2004, 2007 Andrew J. Korty
+dnl (c) 2006 Wolfgang Rosenauer
dnl All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
@@ -26,12 +27,12 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([pam_ssh],[1.94],[ajk@waterspout.com])
+AC_INIT([pam_ssh],[1.96],[ajk@ajk.name])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_SRCDIR([pam_ssh.c])
AC_CANONICAL_TARGET([])
AM_DISABLE_STATIC
-AM_INIT_AUTOMAKE(pam_ssh, 1.94)
+AM_INIT_AUTOMAKE(pam_ssh, 1.96)
AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/NEWS new/pam_ssh-1.96/NEWS
--- old/pam_ssh-1.94/NEWS 2006-08-03 12:31:53.000000000 +0200
+++ new/pam_ssh-1.96/NEWS 2007-08-03 13:19:14.000000000 +0200
@@ -1,3 +1,16 @@
+Version 1.96
+============
+
+SECURITY FIX: The allow_blank_passphrase option was defeatable simply
+by entering a random but non-blank passphrase. Thanks to Rob
+Henderson for the report.
+
+Version 1.95
+============
+
+Bugfix release to avoid double-free and and a null-pointer dereference
+issues.
+
Version 1.94
============
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/pam_ssh.c new/pam_ssh-1.96/pam_ssh.c
--- old/pam_ssh-1.94/pam_ssh.c 2006-08-04 08:25:06.000000000 +0200
+++ new/pam_ssh-1.96/pam_ssh.c 2007-08-03 13:21:43.000000000 +0200
@@ -2,7 +2,7 @@
* Copyright (c) 2006 Wolfgang Rosenauer
* All rights reserved.
*
- * Copyright (c) 1999, 2000, 2001, 2002, 2004 Andrew J. Korty
+ * Copyright (c) 1999, 2000, 2001, 2002, 2004, 2007 Andrew J. Korty
* All rights reserved.
*
* Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
@@ -205,6 +205,26 @@
free(data);
}
+/*
+ * If the private key's passphrase is blank, only load it if the
+ * *supplied* passphrase is blank and if allow_blank_passphrase is
+ * set.
+ */
+
+static Key *
+key_load_private_maybe(const char *path, const char *passphrase,
+ char **commentp, int allow_blank)
+{
+ Key *key;
+
+ /* try loading the key with a blank passphrase */
+ key = key_load_private(path, "", commentp);
+ if (key)
+ return allow_blank && *passphrase == '\0' ? key : NULL;
+
+ /* the private key's passphrase isn't blank */
+ return key_load_private(path, passphrase, commentp);
+}
/*
* Authenticate a user's key by trying to decrypt it with the password
@@ -216,7 +236,7 @@
static int
auth_via_key(pam_handle_t *pamh, const char *file, const char *dir,
- const struct passwd *user, const char *pass)
+ const struct passwd *user, const char *pass, int allow_blank)
{
char *comment; /* private key comment */
char *data_name; /* PAM state */
@@ -241,7 +261,7 @@
success, the user is authenticated. */
comment = NULL;
- key = key_load_private(path, pass, &comment);
+ key = key_load_private_maybe(path, pass, &comment, allow_blank);
free(path);
if (!comment && !(comment = strdup(file))) {
pam_ssh_log(LOG_CRIT, "out of memory");
@@ -452,7 +472,7 @@
return retval;
}
- if (!pass || (!allow_blank_passphrase && *pass == '\0')) {
+ if (!pass) {
pam_ssh_log(LOG_ERR, "blank passphrases disabled");
openpam_restore_cred(pamh);
return PAM_AUTH_ERR;
@@ -477,8 +497,8 @@
}
for (file = strtok(keyfiles, SEP_KEYFILES); file;
file = strtok(NULL, SEP_KEYFILES))
- if (auth_via_key(pamh, file, dotdir, pwent, pass)
- == PAM_SUCCESS) {
+ if (auth_via_key(pamh, file, dotdir, pwent, pass,
+ allow_blank_passphrase) == PAM_SUCCESS) {
pam_ssh_log(LOG_DEBUG, "auth successful for key %s", file);
authenticated = 1;
}
@@ -595,7 +615,8 @@
per-session filename later. Start the agent if we can't open
the file for reading. */
- env_write = child_pid = 0;
+ env_write = -1;
+ child_pid = 0;
env_read = NULL;
start_agent = 1;
@@ -613,11 +634,12 @@
time_now = time(NULL);
if((time_up = uptime()) > 0) {
- if (file_ctime > (time_now - time_up))
+ if (file_ctime > (time_now - time_up)) {
// session is still running - do nothing
start_agent = 0;
+ } else
+ fclose(env_read);
}
- fclose(env_read);
}
if (start_agent) {
@@ -840,6 +862,13 @@
return retval;
}
+ /* tty_raw could be NULL in which case we shouldn't bother
+ * with the per-session file */
+ if (!tty_raw) {
+ pam_ssh_log(LOG_DEBUG, "session has no tty");
+ return PAM_SUCCESS;
+ }
+
/* set tty_nodir to the tty with / replaced by _ */
if (!(tty_nodir = strdup(tty_raw))) {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.94/pam_ssh.spec new/pam_ssh-1.96/pam_ssh.spec
--- old/pam_ssh-1.94/pam_ssh.spec 2006-08-03 12:30:21.000000000 +0200
+++ new/pam_ssh-1.96/pam_ssh.spec 2007-08-03 13:22:03.000000000 +0200
@@ -4,7 +4,7 @@
BuildRequires: pam-devel
License: BSD
Group: Productivity/Networking/SSH
-Version: 1.94
+Version: 1.96
Release: 1
Summary: A Pluggable Authentication Module (PAM) for use with SSH.
URL: http://developer.novell.com/wiki/index.php/Pam_ssh
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org